  1. #1
    Just Joined!
    Join Date
    Dec 2006
    Posts
    3

    SSH woes


    I've attempted to set up a tunnel between port 80 on my Linux box at uni (Debian testing) and my box at home (Debian stable). In theory this should allow me to tunnel through the university firewall and connect to my box at home (I believe). I've tested the connection and it works both on my home network and across the internet from a friend's house yet it will not connect through the uni firewall. I've googled and tried many configurations but I'm out of ideas (or perhaps don't have a complete understanding of the system). If anyone can advise me as to the issue I would be most grateful.

    (I edited the HTTP address and any other sensitive info as I assumed it would be prudent).


    roadrunner:/home/user# ssh -v home.address.org
    OpenSSH_4.3p2 Debian-9, OpenSSL 0.9.8c 05 Sep 2006
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Applying options for home.address.org
    debug1: Connecting to home.address.org [xxx.xxx.xxx.xxx] port 80.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9
    debug1: match: OpenSSH_4.3p2 Debian-9 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-9
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'home.address.org' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:3
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    Read from socket failed: Connection reset by peer
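
Added example (not part of the original thread): a small Python helper that reads `ssh -v` output like the log above and reports the last handshake stage completed before the failure, and whether the session was already encrypted at that point. The stage names are labels chosen here, and the sample is an abridged copy of the posted log.

```python
import re

# Ordered handshake stages and the `ssh -v` debug text marking each as complete.
# Stage names are labels chosen for this example, not OpenSSH terminology.
STAGES = [
    ("tcp_connect",      r"Connection established"),
    ("version_exchange", r"Remote protocol version"),
    ("kexinit",          r"SSH2_MSG_KEXINIT received"),
    ("host_key_verify",  r"ssh_\w+_verify: signature correct"),
    ("newkeys",          r"SSH2_MSG_NEWKEYS received"),
    ("service_request",  r"SSH2_MSG_SERVICE_REQUEST sent"),
    ("service_accept",   r"SSH2_MSG_SERVICE_ACCEPT received"),
]
FAILURE = re.compile(
    r"Connection reset by peer|Connection closed by|"
    r"Connection timed out|Connection refused"
)

def diagnose(log_text):
    """Return (last_stage_reached, encrypted, failure_line) for an `ssh -v` log."""
    reached, failure = [], None
    for line in log_text.splitlines():
        line = line.strip()
        for name, pattern in STAGES:
            if name not in reached and re.search(pattern, line):
                reached.append(name)
        if failure is None and FAILURE.search(line):
            failure = line
    last = reached[-1] if reached else None
    # After NEWKEYS both sides switch to the negotiated cipher, so every
    # later packet (starting with SERVICE_REQUEST) is ciphertext on the wire.
    return last, "newkeys" in reached, failure

# Constructed sample: key lines from the log in the post above (abridged).
SAMPLE = """\
debug1: Connecting to home.address.org [xxx.xxx.xxx.xxx] port 80.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
Read from socket failed: Connection reset by peer
"""

if __name__ == "__main__":
    stage, encrypted, failure = diagnose(SAMPLE)
    print(f"last stage: {stage}; encrypted: {encrypted}; failure: {failure}")
```

For the posted log this reports `service_request` with encryption already on: the TCP connection, version exchange, key exchange and host key check all completed, and the reset arrived after the client sent its first encrypted packet.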

  2. #2
    Super Moderator Roxoff
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,813
    Hmm, universities normally run firewalls for a bloody good reason. If it's stopping you from getting out and connecting via ssh, then it seems to have done the job it was set up for.

    Of course, you could try moving your ssh hosted port to something random and above 1024. No guarantees this will work, of course, because we don't know how strict the university firewall is.

    The next step from this is to run squid on your debian box at home, and forward the squid proxy port over the tunneled ssh connection - then you can run your web browser on the remote machine and tell it to connect to the 'localhost' proxy port, which will then go out over the tunneled connection and to the internet from your home.
    Linux user #126863 - see http://linuxcounter.net/

  3. #3
    Just Joined!
    Join Date
    Dec 2006
    Posts
    3
    Quote Originally Posted by Roxoff View Post
    Hmm, universities normally run firewalls for a bloody good reason. If it's stopping you from getting out and connecting via ssh, then it seems to have done the job it was set up for.

    Of course, you could try moving your ssh hosted port to something random and above 1024. No guarantees this will work, of course, because we don't know how strict the university firewall is.

    The next step from this is to run squid on your debian box at home, and forward the squid proxy port over the tunneled ssh connection - then you can run your web browser on the remote machine and tell it to connect to the 'localhost' proxy port, which will then go out over the tunneled connection and to the internet from your home.
    Thanks Roxoff, I actually just want to be able to connect to my box to monitor it and chat to my family (via my IRC server). The university is quite draconian in the services it allows you to use; I am away from home for long periods and being able to say hello without worrying about the cost is my primary aim. I had hoped to use the HTTP MSN server but it's being blocked. I don't know if it's worth pointing out but I'm obviously running a Debian/GNU based laptop to connect to home so I'm not installing or modifying any of the university computers (which are understandably locked down). Ports are restricted to 80, 443 and incoming FTP on 21.

    IT support here seems to be non-existent for students; you talk to a member of the library staff who, if you're lucky, will make an enquiry for you and get back to you... whenever. It's not a friendly set-up. I'm sure IT are simply tired of lazy users making frivolous enquiries and have planned it that way.

    Anywho, sob story aside, I have read the university's documentation carefully and it does not state anywhere that what I'm doing is prohibited. I'm not interested in setting up or using an HTTP proxy and I simply wanted to back up my files, monitor my server and most importantly 'call home' - so to speak.
